Today’s security and compliance environment is challenging, and no single vendor can solve the entire problem for you. CyberArk understands this, which is why we’ve created a powerful ecosystem of technology and channel partners that can provide you with a complete solution for your privileged account security and compliance requirements.

CyberArk’s award-winning software protects the high value assets of leading companies and government organizations around the world. We take that responsibility seriously. That’s why we only hire the best.

BLOG POST

Securing Privileged Accounts – A Best Practices Guide – Part 4

CyberArk recently released The Three Phases of Securing Privileged Accounts – a maturity model providing a simple, yet effective, framework for applying the best security strategy for privileged accounts in any environment. In the last post – we looked at the best practices of companies in the middle of the privileged account security maturity model. This post will examine best practices for a company in the best maturity model.

Here are best practices for companies at the forefront of privileged account security. These companies understand the threats that unprotected privileged accounts present and are enacting security policies that every company should aspire to emulate.

Best Practices – Highly Effective Maturity

Automated Disabling Inactive Privileged Accounts: Privileged account security across the enterprise is difficult and prone to human error. Relying on manual solutions and institutional knowledge is better than doing nothing but automation is far more effective.

Multi-factor Authentication for All Admin Access: This includes domain admin access. While this is not a foolproof security measure, it’s an additional layer that makes privileged identities a harder target for advanced threats. Many platforms (such as legacy network devices or business applications) may not support multi-factor authentication. This is why deploying a privileged account security solution with support for multifactor authentication eliminates the need to support multifactor authentication natively to target devices.

Automate Password Verification and Reconciliation: This process ensures that all passwords of record are current on all systems. Automating this process is critical when managing privileged identities. New privileged accounts are constantly created and deleted – requiring an automated system to manage and verify passwords.

Frequently Identify, Change and Verify Hardcoded Passwords: Hardcoded passwords are often embedded in applications and can become an afterthought in many organizations – a critical security vulnerability that hackers frequently target. Auditing all accounts and automating the management of app credentials allows an organization to rotate passwords without risk.

Directly Connect Target Systems without Displaying Passwords to Users: Preventing the disclosure of privileged passwords to the end user adds an additional layer of security sand reduces the maintenance of shared accounts.

One hundred percent of all advanced attacks exploit privileged credentials – locking these accounts down is critical to the security of the enterprise. The process of securing privileged accounts should be on-going with continuous evaluation and adjustments to improve security as the business and threat landscape changes.

If you have questions about where you company would rank on the maturity model, let us know and we’re happy to provide an assessment.